We, Kanadevia Corporation,hereby established "Global Security Policy (GSP)" for the purpose of protecting information assets ofus, our subsidiaries and affiliates ("our Group"), and information assetsof our customers that our Groupreceived from threats such as unauthorized accesses, crimes, errors and accidents.
Based on this Policy, we grasp the information security as an important management issue, and pursue the improvement of corporate value by establishing basic matters such as measures and systems for ensuring information security in our group, and conducting them continuously.

Our Group is developing a variety of products and services,thus, it is necessary to establish information security measures that match our Group’s businesses and conditions, and systems and operational methods to function these measures effectively.
We will deal with the following matters and support our group companies’ actions for addressing,in the appropriate way that matches each companies.

• Developing the information security policy
• Taking measures to maintain the information security technically
• Establishing the system for managing and operating the information security

In accordance with "Kanadevia Group Charter of Ethical Behavior”, our Groupwill strive to comply with laws and regulations about the informationsecurity (in each country).
In addition, we will make efforts to improve the information security of our Group by referring to guidelines published by government agencies, industry organizationsand so on.

To ensure information security, it is important not only to establish policies and systems, but also to operate them on a daily basis.
Our Group manage and operate information provided by customers and business partners and all information assets of ourGroup appropriately, inaccordance with the information security policies established by each group companiesand setting the confidentiality level properly.
Also,our Group will review our information security policy suitably to correspond to the changing social situation and the environments of inside and outside our Group.
Regarding the situations of information security measures ineach group companies, we will grasp theirsituations as necessary and request to correct or improve if needed.
In addition, we strive to ensure the information security by informing our Group's information security policies to supply chains that affect the information security of our Group, such as business partners and subcontractors.

To penetrate the information security measures, it is necessary to raise the awareness of the information security among each officers and employees.
OurGroup provide educations and awareness-raising actions for all officers and employees.

In the event that the information security incident or accident happened, the most important thing is to collect reliable information and respond quickly and appropriately.
In ourGroup, we develop a response policy to respond to information security incidents and accidents, and ensure to make well known to every officers and employees.
In caseincidents or accidents happened, we will respond promptly and notify the relevant parties inside and outside our Group adequatelyto prevent the recurrence.

Enacted:January 13th, 2022
Amended:October 1th,2024